Title: HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving
Time: 13:30
Location: Meeting room, building Zeta
Type: Research Result
Speaker: Stefano Calzavara
Abstract:
We present HornDroid, a new tool for the static analysis of information flow properties in Android applications. The core idea underlying HornDroid is to use Horn clauses for soundly abstracting the semantics of Android applications and to express security properties as a set of proof obligations that are automatically discharged by an off-the-shelf SMT solver. This approach makes it possible to fine-tune the analysis in order to achieve a high degree of precision while still using off-the-shelf verification tools, thereby leveraging the recent advances in this field. As a matter of fact, HornDroid outperforms state-of-the-art Android static analysis tools on benchmarks proposed by the community. Moreover, HornDroid is the first static analysis tool for Android to come with a formal proof of soundness, which covers the core of the analysis technique: besides yielding correctness assurances, this proof allowed us to identify some critical corner-cases that affect the soundness
guarantees provided by some of the previous static analysis tools for Android.
Tag Archives: information flow control
23/07/2014 – Talk by Wilayat Khan
Title: Client Side Web Session Integrity as a Non-Interference Property
Time: 11:00
Location: Meeting room
Type: Research Result
Speaker: Wilayat Khan
Abstract:
Because of the stateless nature of the HTTP protocol, web applications
that need to maintain state over multiple interactions with a client have
to implement some form of session management: the server needs to know to
what ongoing session (if any) incoming HTTP requests belong. Sessions are
usually implemented by means of session cookies, which are unpredictable
random identifier generated by the server at the start of a session.
Sessions can be attacked at network (e.g. sniffing), implementation (e.g.
script injection) and application layers. The attacks at the first two
layers are well-understood problems with well-understood solutions,
however, the problem of application-level session integrity is not yet
well-understood. An attack at application layer happens when a page in the
browser send malicious requests to any of the servers that the browser
currently has a session with, and that request will automatically get the
session cookie attached and hence will be considered as part of a
(possibly authenticated) session by the server, leading to CSRF attacks.
Moreover, malicious requests can also be sent by scripts included in or
injected by an attacker into a page from the same origin.
In this work, we refined our previous ideas to the classical
noninterference property as known from information flow security and
designed an information flow control technique that can enforce session
integrity in a more permissive and fine-grained way than access control
mechanisms.
